We are now midway through the month, and into Cybersecurity Awareness as well. As I peruse through the news headlines, its all pretty much the same thing. However, there is a new trend that is coming up, and that is called “Telehealth”.
Conceptually, there is really new about it in terms of concept, but rather, its usage has up ticked dramatically because of COVID19. With this, there are many ways that you can communicate with your health care professional.
It does not have to be just on phone, fax, or in person. You can, provided that all of the security mechanisms are in place, communicate even via Email or even by online Chat (but texting still has a ways to go yet before it is formally adopted). In fact, the use of chat mechanisms have been also around for quite a long time, even before Telehealth before came into existence.
With the Remote Workforce now almost a guarantee going well into 2021, it appears that the Chat mechanism that are available through the major video conferencing tools such as that of Microsoft Teams, Zoom, WebEx, etc. are only going to grow more in popularity. But there are still security issues that surround the usage of these platforms.
For example, according to a recent study that was conducted by Morphisec, entitled the “2020 WFH Cybersecurity Threat Index”, many of the respondents felt that the use of Chat mechanisms, such as that of even Slack, are the second most important tool that is needed when WFH.
But quite astonishingly, many of them also claimed that they do not make use of the security features that are offered in them. More details about this study can be seen here at this link:
So what can you do protect your online chats? Here are some quick tips that you can use:
*Your company needs to make use of the Enterprise Version:
Unless you own your own business, this is something that your company has to get for you as you WFH. There are many flavors that come with Chat tools, but keep in mind, the lower you go in terms of offering, the less security features you are going to have. So while yes, the Enterprise based Versions can be more costly, they offer a plethora of security mechanisms that you can use, and these include such things as Single Sign On Solutions (SSOs) that make use of Biometric Technology (such as that of Fingerprint Recognition and Iris Recognition), Multifactor Authentication (MFA), Encryption, and also the compliance tools that are needed to stay clean with the like of the GDPR, CCPA, HIPAA, etc. But it is very important to keep in mind that you do not just use the default settings that the vendor provides. Always tweak the security settings to your own level of requirements.
*Make sure that your communications are always secure:
Whenever we communicate online with anybody, we always make the false assumption that the security features are always enabled. But however, this may not necessarily the case. Before you engage into a Chat session with your colleague, just do a quick scan to make sure that it is all enable. Yes, this is a pain, but if you are going to be sharing confidential files, this is an absolute must. Also, many of the Chat mechanisms come with some sort of functionality that can scan this for you as well. Make use of this, as it could save you some time, especially if you are in a hurry to a virtual meeting.
*Try to avoid customization:
Many of the Chat tools also allow for you to personally customize the look and feel of your chatting console. While this can make things convenient for you, it can also pose a grave security threat as well. So therefore, try to avoid in doing this as much as possible. The way I look at it is who cares about how it looks as long as you can get your job done, right? Well, not many people share that same viewpoint. So, if you absolutely have to customize your Chat dashboard, make sure that your run it past your IT Security Team and have them do a security review of it, just to be sure.
*Be careful about the accounts that you give out:
In todays WFH environment, many businesses are not starting to hire freelancers and contractors. Heck, even I have done many contract related tech writing jobs in the past. But the tendency here is to give these types of classified workers their own accounts with full access privileges. Don’t do this!!! There are extremely serious consequences for third party risk here. Instead, just give them what is known as a “Guest Account”. These kinds of accounts have very limited functionality in terms of accessing shared resources, and thus, it should be used as such. And keep in mind, once the freelancer’s or contractor’s term of engagement has been completed, immediately delete this account. In other words, don’t just keep recycling old Guest Accounts. Always create brand new ones from scratch. This will also lessen the statistical odds of any sort of Malware from lingering onto your IT and Network Infrastructures.
*Be cognizant of Data Retention Policies:
With the recent passages of both the GDPR and the CCPA, pretty much all businesses across Corporate America now have to retain all sorts of communication, whether it is paper or electronic based, for a certain number years. But it does not mean that you should retain them in your Chat agent application. Many of them allow for a certain amount of storage, but from the standpoint of security, you should never store past conversations on them. Whenever you are done with a conversation, perhaps copy the content into a .DOC for later reference, but always delete it from your Chat application. Most likely, your Chat conversations will be stored permanently somewhere. It’s like deleting an Email message. Just because you delete it, it does not mean that is actually “deleted”. It is still saved somewhere on some corporate server in your business. Even when you store the .DOC file, use a separate storage device for that, like a thumb drive. But always check with your IT Security Team to make sure that your conversations are being stored for Data Retention purposes– just to make sure that you are abiding by the Security Policies of your company.
My Thoughts On This
Well, there you have it, some quick tips on how to engage in secure Chat sessions with your colleagues and coworkers. I personally have not used any Chat mechanism recently – most of my communications are on Email or phone conversations.
Sometimes I will text, but this assuming that I know who will be texting me back. I used to be a big fan of Yahoo Messenger, but for some reason or another, that faded into the woodworks.
But another thing to keep in mind – it is always wise to use a Chat agent that comes as part of an overall package, such as that of Microsoft Teams. The key reason for this is that there will be other, very robust security functionalities that you can use very quickly.
I know that Teams has this and have heard great stories about it. Plus, the tech support will come with the cost of your subscription, so there will be no extra expenses in this regard.
IMHO never use just a stand-alone Chat application . . . too many issues can arise from that.